Computer Completely Blocked Out by Virus!


  • This topic is locked

#1
stylequeen16

    New Member

  • Member
  • Pip
  • 4 posts
Hi, I have a HUGE PROBLEM!

At first, my Internet Explorer browser said it couldn't connect to the internet, but my wireless connection said that it was connected. I looked online and tried to fix it, but nothing worked. As I was trying to fix the problem, my computer started to freeze more often, so I tried to run Malware Bytes to remove any viruses my computer may have had, and the scan took almost 6 minutes to scan 1 file and it eventually froze completely so I could not finish the scan! Now as soon as I turn on my computer, the internet is still doing the same thing and I am not able to do anything as it is completely frozen. I was going to use your procedure to get rid of Malware or any other viruses, but I would not be able to open up any programs, let alone download them from the internet. I have no idea what to do! Please help!! The computer is a Dell Inspiron 6400 and the operating system is Windows XP. This is really urgent as I need to finish some work in the next couple of days!
  • 0


#2
Aaron

    Expert

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go ;) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • I recommend reading my instructions at least once before carrying them out, this will make sure you understand them before you start.
  • Try to reply every one-two days, I'll try to do the same. At some point your computer will run better (hopefully :D), but this doesn't mean all malware is removed!
    Therefore it's very important to keep following my instructions. I'll tell you when we are done.
  • Please don't run any other malware removal tools/programs or instructions that I didn't ask for.
  • It's important to follow all instructions as told. If you have any questions, don't hesitate to ask!
Let's get to work now ;)

Let's try this first; if it fails, go to Plan B.

Please download OTH to your desktop
Please download OTL to your desktop
Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Then select Start OTL. OTL will now run

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your next reply.

Plan B

Download Rkill from here: there are several flavours to choose from; if one does not work then try the next

* rkill.com
* rkill.scr
* rkill.pif


Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above
  • 0

#3
stylequeen16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi thank you so much for your help!
So I tried everything you asked me to do, and it still doesn't work. The computer still freezes and I still cannot get an internet browser to work. I would post the logs, but I am not sure how. They are really long, so do I just copy and paste them? I'm a little confused, I'm not very good with computers :D
  • 0

#4
Aaron

    Expert

  • Expert
  • 3,155 posts
Yes, please copy & paste them :D
  • 0

#5
stylequeen16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Okay, here it goes!

OTL Scan Log:

OTL logfile created on: 9/25/2010 3:29:50 PM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = E:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 68.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.71 Gb Total Space | 71.42 Gb Free Space | 80.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Shubha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/25 15:29:30 | 000,094,728 | ---- | M] () -- C:\Program Files\QuickTime\qttask .exe
PRC - [2010/09/25 15:08:15 | 000,094,732 | ---- | M] () -- C:\Program Files\temp\kill .exe
PRC - [2010/09/25 15:08:01 | 000,094,728 | ---- | M] () -- C:\Program Files\temp\kill .exe
PRC - [2010/09/25 15:07:42 | 000,094,728 | ---- | M] () -- C:\Program Files\temp\kill .exe
PRC - [2010/09/25 15:04:58 | 000,094,728 | ---- | M] () -- C:\Program Files\temp\kill .exe
PRC - [2010/09/25 14:58:09 | 000,094,728 | ---- | M] () -- C:\Program Files\temp\kill.exe
PRC - [2010/09/25 14:14:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\OTL.scr
PRC - [2010/09/25 14:13:56 | 000,258,560 | ---- | M] (OldTimer Tools) -- E:\OTH.scr
PRC - [2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Program Files\QuickTime\qttask .exe
PRC - [2010/09/24 10:47:06 | 000,094,724 | ---- | M] () -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/11/07 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2010/09/25 14:14:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\OTL.scr
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/25 15:15:31 | 000,430,080 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2010/09/25 15:15:28 | 001,257,472 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/09/25 15:15:27 | 000,557,056 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/09/25 15:15:24 | 000,868,352 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/07/26 01:49:32 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\kseirqs.sys -- (kseirqs)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/11 16:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/11 11:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/11 11:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/11/18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 06:00:00 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\extensions\\{26F676A6-E8A4-462A-A917-7B817A9D5A29}: C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29} [2010/07/21 23:34:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0B45DD3E-FB1A-49E2-82A3-50BF114EF4A2}: C:\Documents and Settings\Reha\Local Settings\Application Data\{0B45DD3E-FB1A-49E2-82A3-50BF114EF4A2}\ [2010/09/24 18:07:33 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/12 14:17:36 | 000,000,763 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 173.192.153.178 www.123.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [nonep] C:\Program Files\temp\kill .exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe ()
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [Umayaxeqetalaj] C:\WINDOWS\uqowisucejalafoq.DLL (Ask.com)
O4 - HKCU..\Run: [{A487742F-25BA-82F6-927E-227F7F33533C}] C:\Documents and Settings\Shubha\Application Data\Loypuw\gana.exe ()
O4 - HKCU..\Run: [Exatoxaxedakokox] C:\WINDOWS\onec31.DLL File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Shubha\LOCALS~1\Temp\uds1bya03.exe) - C:\DOCUME~1\Shubha\LOCALS~1\Temp\uds1bya03.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: tcyz46 = C:\DOCUME~1\Shubha\LOCALS~1\Temp\l84alx.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Shubha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Shubha\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/04 21:43:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5318440822767616)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/24 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\temp
[2010/09/20 22:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\sys231
[2010/09/20 09:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\sys21
[2010/09/10 12:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\Bitrix Security
[2010/09/03 14:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
[2010/08/31 18:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/08/29 14:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/08/29 14:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/29 01:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/08/12 16:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\SUPERAntiSpyware.com
[2010/08/12 16:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/12 16:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/12 16:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/12 16:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/11 16:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/08/03 12:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/08/03 12:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/08/03 11:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\Opogfu
[2010/07/28 15:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\Asoro
[2010/07/21 23:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29}
[2010/07/20 15:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/20 15:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/20 14:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 14:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/20 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA
[2010/07/01 00:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/06/28 20:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\My Documents\New Folder
[2010/06/28 20:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\My Documents\goon
[2010/06/28 20:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\My Documents\hello
[4 C:\Documents and Settings\Shubha\Desktop\*.tmp files -> C:\Documents and Settings\Shubha\Desktop\*.tmp -> ]
[27 C:\Documents and Settings\Shubha\My Documents\*.tmp files -> C:\Documents and Settings\Shubha\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/25 16:11:06 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-2049760794-682003330-1004UA.job
[2010/09/25 16:03:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/09/25 16:03:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/09/25 16:03:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/09/25 16:02:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/09/25 16:02:54 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/09/25 15:29:14 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-2049760794-682003330-1005UA.job
[2010/09/25 15:26:59 | 000,070,144 | ---- | M] () -- C:\WINDOWS\ExplorerSrv.exe
[2010/09/25 15:25:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/25 15:24:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/25 15:18:32 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At200.job
[2010/09/25 15:18:32 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At232.job
[2010/09/25 15:18:31 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At199.job
[2010/09/25 15:18:30 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
[2010/09/25 15:18:30 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At240.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At239.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At238.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At237.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At236.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At235.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At234.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At233.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At231.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At230.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At229.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At228.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At227.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At226.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At225.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At224.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At223.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At222.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At221.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At220.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At219.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At218.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\At217.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At216.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At214.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At212.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At210.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At208.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At206.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At204.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At202.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At198.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At195.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At215.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At213.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At211.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At209.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At207.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At205.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At203.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At201.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At197.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At194.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At196.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At193.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/09/25 14:59:21 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\cmdSrv.exe
[2010/09/25 14:44:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tbirah.bin
[2010/09/25 14:42:58 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Shubha\NTUSER.DAT
[2010/09/25 14:33:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Shubha\ntuser.ini
[2010/09/25 13:39:48 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/09/24 21:21:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/09/24 20:43:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/09/24 20:43:36 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat
[2010/09/24 20:43:35 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\doeR23dF.exe
[2010/09/24 19:11:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-2049760794-682003330-1004Core.job
[2010/09/24 19:05:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/09/24 19:05:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/09/24 19:05:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/09/24 19:05:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/09/24 18:29:19 | 004,304,200 | -H-- | M] () -- C:\Documents and Settings\Shubha\Local Settings\Application Data\IconCache.db
[2010/09/24 18:18:14 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/24 18:07:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/09/24 18:07:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/09/24 18:07:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/09/24 18:00:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/09/24 18:00:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/09/24 18:00:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/09/24 18:00:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/09/24 18:00:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/09/24 18:00:32 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/09/24 18:00:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/09/24 17:21:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe
[2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\o4D1E.exe
[2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\WINDOWS\System32\o4D1E.com
[2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Documents and Settings\Shubha\o4D1E.com
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/09/24 12:43:05 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/24 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/24 10:30:46 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Shubha\Desktop\Google Chrome.lnk
[2010/09/24 10:30:46 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Shubha\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/24 09:52:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/22 20:29:04 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-2049760794-682003330-1005Core.job
[2010/09/11 19:45:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/03 19:59:50 | 000,800,177 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\ta guide.pdf
[2010/09/03 15:23:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Shubha\Desktop\Microsoft Office Word 2003.lnk
[2010/09/03 15:23:00 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\fuggy wins.doc
[2010/09/03 14:38:52 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\temporary.doc
[2010/09/03 14:28:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Eqekumejabiveb.dat
[2010/09/01 13:59:29 | 019,350,033 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\Connections.pdf
[2010/08/31 19:34:33 | 000,692,019 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\the_first_tutorial_2009_ppt (1).pdf
[2010/08/31 19:07:52 | 001,860,183 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\TAsurvguide04.pdf
[2010/08/31 17:08:20 | 000,040,861 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\five_points_to_address.pdf
[2010/08/25 20:28:32 | 000,069,263 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\Tips_and_Thoughts.pdf
[2010/08/12 16:34:10 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/12 16:31:47 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys
[2010/08/12 16:17:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Shubha\Desktop\ERUNT.lnk
[2010/07/26 01:49:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\kseirqs.sys
[2010/07/20 13:49:35 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/19 15:31:18 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat
[2010/07/13 11:32:39 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\affidavit.doc
[2010/07/12 20:02:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Shubha\My Documents\~$fidavit.doc
[2010/07/12 18:24:52 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Shubha\My Documents\~$portant Facts.doc
[2010/07/04 14:57:15 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\Avoiding Plagiarism.doc
[2010/06/30 23:06:01 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\Notes on.doc
[2010/06/28 23:34:36 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Shubha\My Documents\shubha.xls
[2010/06/28 22:48:19 | 000,002,507 | ---- | M] () -- C:\Documents and Settings\Shubha\Desktop\Microsoft Office Excel 2003.lnk
[2010/06/28 19:48:37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Shubha\Desktop\Shortcut to My Computer.lnk
[4 C:\Documents and Settings\Shubha\Desktop\*.tmp files -> C:\Documents and Settings\Shubha\Desktop\*.tmp -> ]
[27 C:\Documents and Settings\Shubha\My Documents\*.tmp files -> C:\Documents and Settings\Shubha\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/25 15:07:13 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At240.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At239.job
[2010/09/25 15:07:12 | 000,094,724 | ---- | C] () -- C:\Documents and Settings\Shubha\o4D1E.com
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At238.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At237.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At236.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At235.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At234.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At233.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At232.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At231.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At230.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At229.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At228.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At227.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At226.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At225.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At224.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At223.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At222.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At221.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At220.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At219.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At218.job
[2010/09/25 15:07:12 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\At217.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At216.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At214.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At212.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At210.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At208.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At206.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At204.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At202.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At200.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At198.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At195.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At192.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At189.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At186.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At181.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At178.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At175.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At172.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At215.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At213.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At211.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At209.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At207.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At205.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At203.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At201.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At199.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At197.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At194.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At191.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At188.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At185.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At183.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At180.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At177.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At174.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At171.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At196.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At193.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At190.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At187.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At184.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At182.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At179.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At176.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At173.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At170.job
[2010/09/25 15:06:58 | 000,094,724 | ---- | C] () -- C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe
[2010/09/25 15:06:58 | 000,094,724 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\o4D1E.exe
[2010/09/25 15:06:58 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At169.job
[2010/09/25 15:06:58 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/09/25 15:06:58 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/09/25 15:06:58 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/09/25 15:06:58 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/09/25 15:06:58 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/09/25 15:06:58 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/09/25 15:06:58 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/09/25 15:06:58 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/09/25 15:06:58 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/09/25 15:06:58 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/09/25 15:06:58 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/09/25 15:06:57 | 000,094,724 | ---- | C] () -- C:\WINDOWS\System32\o4D1E.com
[2010/09/25 14:48:48 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\cmdSrv.exe
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/09/24 18:00:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/09/24 18:00:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/09/24 18:00:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/09/24 18:00:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/09/24 18:00:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/09/24 18:00:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/09/24 18:00:45 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/09/24 18:00:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/09/24 18:00:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/09/24 18:00:38 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/09/24 18:00:38 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/09/24 18:00:38 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/09/24 18:00:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/09/24 18:00:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/09/24 18:00:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/09/24 18:00:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/09/24 18:00:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/09/24 17:38:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/09/24 17:38:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/09/24 12:47:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/09/24 10:49:52 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\doeR23dF.exe
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/09/24 10:49:52 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/09/24 10:49:35 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/24 10:47:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/24 10:47:07 | 000,094,724 | ---- | C] () -- C:\WINDOWS\Fonts\o4D1E.com
[2010/09/21 10:33:16 | 000,070,144 | ---- | C] () -- C:\WINDOWS\ExplorerSrv.exe
[2010/09/03 19:59:50 | 000,800,177 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\ta guide.pdf
[2010/09/03 15:21:43 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\fuggy wins.doc
[2010/09/03 14:33:10 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\temporary.doc
[2010/09/01 13:59:24 | 019,350,033 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\Connections.pdf
[2010/08/31 19:34:33 | 000,692,019 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\the_first_tutorial_2009_ppt (1).pdf
[2010/08/31 19:07:52 | 001,860,183 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\TAsurvguide04.pdf
[2010/08/25 20:28:32 | 000,069,263 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\Tips_and_Thoughts.pdf
[2010/08/25 20:21:37 | 000,040,861 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\five_points_to_address.pdf
[2010/08/12 16:34:10 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/12 16:31:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys
[2010/08/12 16:17:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Shubha\Desktop\ERUNT.lnk
[2010/07/20 13:51:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Eqekumejabiveb.dat
[2010/07/20 13:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tbirah.bin
[2010/07/20 13:50:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\kseirqs.sys
[2010/07/20 13:49:34 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/12 20:02:29 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\affidavit.doc
[2010/07/12 20:02:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Shubha\My Documents\~$fidavit.doc
[2010/07/12 18:24:52 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Shubha\My Documents\~$portant Facts.doc
[2010/06/30 23:37:18 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\Avoiding Plagiarism.doc
[2010/06/30 22:06:10 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\Notes on.doc
[2010/06/28 23:10:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Shubha\My Documents\shubha.xls
[2010/06/28 19:48:37 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Shubha\Desktop\Shortcut to My Computer.lnk
[2010/06/23 14:12:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat
[2009/12/07 18:07:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/05 23:56:46 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/05 00:49:31 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2005/11/28 20:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 06:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 06:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/05 00:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2009/12/06 01:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/25 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Asoro
[2010/09/10 12:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Bitrix Security
[2010/07/20 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA
[2010/09/25 14:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Fouhi
[2010/09/25 15:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Itkeg
[2010/02/02 23:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Leadertech
[2010/09/25 14:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Leas
[2010/09/25 15:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Loypuw
[2010/09/24 17:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Opogfu
[2010/09/25 15:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Toan
[2010/09/20 09:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Ylikf
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/09/24 18:00:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/09/24 18:00:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/09/24 18:00:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/09/24 18:00:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/09/24 18:00:45 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/09/24 18:00:47 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/09/25 16:02:54 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/09/24 19:05:05 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/09/24 12:43:05 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/09/24 18:00:49 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
[2010/09/25 16:02:56 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
[2010/09/24 20:43:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
[2010/09/24 20:43:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
[2010/09/25 15:18:30 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At169.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At170.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At171.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At172.job
[2010/09/25 15:18:30 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At173.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At174.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At175.job
[2010/09/25 15:06:59 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At176.job
[2010/09/25 15:06:59 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At177.job
[2010/09/25 15:06:59 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At178.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At179.job
[2010/09/24 17:21:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At180.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At181.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At182.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At183.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At184.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At185.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At186.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At187.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At188.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At189.job
[2010/09/24 18:18:14 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At190.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At191.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At192.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At193.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At194.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At195.job
[2010/09/25 15:07:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At196.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At197.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At198.job
[2010/09/25 15:18:31 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At199.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/09/25 15:18:32 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At200.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At201.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At202.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At203.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At204.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At205.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At206.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At207.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At208.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At209.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At210.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At211.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At212.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At213.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At214.job
[2010/09/25 15:07:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At215.job
[2010/09/25 15:07:00 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\At216.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At217.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At218.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At219.job
[2010/09/24 21:21:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At220.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At221.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At222.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At223.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At224.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At225.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At226.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At227.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At228.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At229.job
[2010/09/25 13:39:48 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At230.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At231.job
[2010/09/25 15:18:32 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At232.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At233.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At234.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At235.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At236.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At237.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At238.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At239.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/09/25 15:07:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\At240.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/09/24 11:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/09/25 16:03:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/09/24 18:07:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/09/24 19:05:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/09/24 10:49:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/09/25 16:03:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/09/24 18:07:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/09/24 19:05:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/09/24 12:47:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/09/25 15:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/09/25 16:03:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/09/24 10:47:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/09/24 18:07:21 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/09/24 19:05:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/09/24 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/09/24 22:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/09/24 17:38:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/09/24 18:00:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/09/24 18:00:32 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/09/24 18:00:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/04 21:43:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/04 21:34:38 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/04 21:43:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/04 21:43:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/04 21:43:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/25 16:12:15 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2010/09/25 14:59:21 | 000,000,505 | ---- | M] () -- C:\rkill.log
[2010/07/20 13:49:35 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\WINDOWS\Fonts\o4D1E.com

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/12/04 21:43:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/12/04 16:23:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/04 16:23:12 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/04 16:23:12 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/12/04 21:43:42 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/13 17:45:04 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Shubha\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/12/13 17:45:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Shubha\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >
[2010/09/25 15:15:57 | 000,000,060 | ---- | M] () -- C:\Program Files\Internet Explorer\complete.dat
[2010/09/25 16:17:48 | 000,000,016 | ---- | M] () -- C:\Program Files\Internet Explorer\dmlconf.dat

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/12/13 17:45:04 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Shubha\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >
[2010/09/25 15:25:00 | 000,070,144 | ---- | M] () -- C:\Program Files\Microsoft\DesktopLayer.exe

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/25 15:29:19 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Shubha\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/04 06:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2007/09/11 11:54:00 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2004/08/04 02:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2001/05/03 07:36:24 | 000,004,710 | ---- | M] () -- C:\WINDOWS\system32\fc.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2009/12/17 21:23:29 | 000,046,283 | ---- | M] () -- C:\WINDOWS\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/25 14:42:58 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Shubha\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >
[2010/09/25 15:25:00 | 000,070,144 | ---- | M] () -- C:\Program Files\Microsoft\DesktopLayer.exe

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 19:30:35
< End of report >

************************
And here is the Extras Log:

OTL Extras logfile created on: 9/25/2010 2:24:43 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = E:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 322.00 Mb Available Physical Memory | 64.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.71 Gb Total Space | 68.83 Gb Free Space | 77.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.97% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Shubha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-507921405-2049760794-682003330-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Shubha] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPROR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All The Right Type 3 Demo" = All The Right Type 3 Demo
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ERUNT_is1" = ERUNT 1.1j
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PRJPROR" = Microsoft Office Project Professional 2007
"ProInst" = Intel® PROSet/Wireless Software
"PUBLISHERR" = Microsoft Office Publisher 2007
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-2049760794-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2010 8:40:50 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module uqowisucejalafoq.dll, version 0.0.0.0, fault address 0x00012577.

Error - 9/24/2010 8:42:12 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 9/24/2010 9:02:14 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 9/24/2010 9:02:15 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/24/2010 9:32:22 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 9/24/2010 9:32:23 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/24/2010 9:42:26 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 9/24/2010 9:42:26 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 9/24/2010 10:02:55 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 9/24/2010 10:02:55 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 9/24/2010 10:15:32 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 9/24/2010 10:17:37 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 9/25/2010 2:24:14 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless SSO Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/25/2010 2:24:15 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


*********************

Wow, that's long! :D

#6
Aaron

  • Expert
  • 3,155 posts
Hi

;) I can believe your computer is very slow with all that malware, this is one of the worst computers I have had :D Let's clean it up.

Your computer has been infected by a backdoor Trojan. ;) This could allow hackers to remotely control your computer, steal critical system information including passwords, credit card numbers, addresses, phone numbers, and other information stored on your computer. Before we can start I recommend that you:

  • Use another, clean computer to change all your internet passwords, especially your financial passwords like your banks, PayPal, eBay. Also change the passwords for any other sites that you use.
  • Call your financial companies and tell them that your account may have been stolen and ask what you can do.
  • Closely monitor all bank and credit card statements. If you do think that you are a victim of identity theft you can go to Defend: Recover From Identity Theft to learn more.

Although this type of infection can almost always be removed, there is no way to know if your computer will be 100% clean, because backdoor Trojans can have complete access to a system and install malicious code that may not be detectable. The only way to make sure your system is 100% clean is to do a complete reformat and reinstall of your operating system. If you want to do a reinstall of your system please let me know, otherwise I will continue to help you clean your system. If you want to learn more about backdoor Trojans you can go to: What is a backdoor Trojan?

Please follow these steps:
============ Step one ============

Run OTL again, if needed use OTH again.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2010/07/26 01:49:32 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\kseirqs.sys -- (kseirqs)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O4 - HKLM..\Run: [nonep] C:\Program Files\temp\kill .exe ()
    O4 - HKLM..\Run: [sta] File not found
    O4 - HKLM..\Run: [Umayaxeqetalaj] C:\WINDOWS\uqowisucejalafoq.DLL (Ask.com)
    O4 - HKCU..\Run: [{A487742F-25BA-82F6-927E-227F7F33533C}] C:\Documents and Settings\Shubha\Application Data\Loypuw\gana.exe ()
    O4 - HKCU..\Run: [Exatoxaxedakokox] C:\WINDOWS\onec31.DLL File not found
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\Shubha\LOCALS~1\Temp\uds1bya03.exe) - C:\DOCUME~1\Shubha\LOCALS~1\Temp\uds1bya03.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: tcyz46 = C:\DOCUME~1\Shubha\LOCALS~1\Temp\l84alx.exe File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
    O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
    [2010/09/24 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\temp
    [2010/09/20 22:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\sys231
    [2010/09/20 09:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\sys21
    [2010/09/10 12:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\Bitrix Security
    [2010/09/03 14:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
    [2010/08/03 11:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\Opogfu
    [2010/07/28 15:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\Asoro
    [2010/07/21 23:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29}
    [2010/07/20 13:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA
    [2010/09/25 15:26:59 | 000,070,144 | ---- | M] () -- C:\WINDOWS\ExplorerSrv.exe
    [2010/09/25 14:59:21 | 000,070,144 | ---- | M] () -- C:\WINDOWS\System32\cmdSrv.exe
    [2010/09/25 14:44:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tbirah.bin
    [2010/09/24 20:43:36 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat
    [2010/09/24 20:43:35 | 000,072,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\doeR23dF.exe
    [2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe
    [2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\o4D1E.exe
    [2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\WINDOWS\System32\o4D1E.com
    [2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\Documents and Settings\Shubha\o4D1E.com
    [2010/09/03 14:28:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Eqekumejabiveb.dat
    [2010/08/12 16:31:47 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys
    [2010/07/26 01:49:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\kseirqs.sys
    [2010/07/20 13:49:35 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/19 15:31:18 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat
    [4 C:\Documents and Settings\Shubha\Desktop\*.tmp files -> C:\Documents and Settings\Shubha\Desktop\*.tmp -> ]
    [27 C:\Documents and Settings\Shubha\My Documents\*.tmp files -> C:\Documents and Settings\Shubha\My Documents\*.tmp -> ]
    [2010/09/25 15:07:12 | 000,094,724 | ---- | C] () -- C:\Documents and Settings\Shubha\o4D1E.com
    [2010/09/25 15:06:58 | 000,094,724 | ---- | C] () -- C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe
    [2010/09/25 15:06:58 | 000,094,724 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\o4D1E.exe
    [2010/09/25 15:06:57 | 000,094,724 | ---- | C] () -- C:\WINDOWS\System32\o4D1E.com
    [2010/09/25 14:48:48 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\cmdSrv.exe
    [2010/09/24 10:49:52 | 000,072,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\doeR23dF.exe
    [2010/09/24 10:49:35 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat
    [2010/09/24 10:47:07 | 000,094,724 | ---- | C] () -- C:\WINDOWS\Fonts\o4D1E.com
    [2010/09/21 10:33:16 | 000,070,144 | ---- | C] () -- C:\WINDOWS\ExplorerSrv.exe
    [2010/08/12 16:31:47 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys
    [2010/07/20 13:51:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Eqekumejabiveb.dat
    [2010/07/20 13:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tbirah.bin
    [2010/07/20 13:50:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\kseirqs.sys
    [2010/07/20 13:49:34 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
    [2010/06/23 14:12:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat
    [2004/08/04 06:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys
    [2010/09/25 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Asoro
    [2010/09/10 12:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Bitrix Security
    [2010/07/20 13:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA
    [2010/09/25 14:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Fouhi
    [2010/09/25 15:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Itkeg
    [2010/09/25 14:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Leas
    [2010/09/25 15:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Loypuw
    [2010/09/24 17:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Opogfu
    [2010/09/25 15:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Toan
    [2010/09/20 09:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Shubha\Application Data\Ylikf
    [2010/09/24 17:16:12 | 000,094,724 | ---- | M] () -- C:\WINDOWS\Fonts\o4D1E.com
    [2010/09/25 15:15:57 | 000,000,060 | ---- | M] () -- C:\Program Files\Internet Explorer\complete.dat
    [2010/09/25 16:17:48 | 000,000,016 | ---- | M] () -- C:\Program Files\Internet Explorer\dmlconf.dat
    [2010/09/25 15:25:00 | 000,070,144 | ---- | M] () -- C:\Program Files\Microsoft\DesktopLayer.exe
    [2010/09/25 15:25:00 | 000,070,144 | ---- | M] () -- C:\Program Files\Microsoft\DesktopLayer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and save the log it produces.
  • Open OTL again and click the Quick Scan button. Now post the log it produces together with the log you saved from running the fix. Post both logs in your next reply please.

============ Step two ============

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

============ Step three ============

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

After these steps:
I see that you are running no antivirus software, this is very dangerous! Before I start helping you, you have to download and install one, here are a few which you can choose from:
An antivirus program is the very basic protection and without one you have the chance of getting infected every day. Malware slows down your computer, steals your information, creates errors, redirects you while surfing... Those AVs listed above are free, good and won't slow down your computer too much.
  • 0
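
Once the Run Fix log is saved, the useful check is which targets were actually removed, which are still waiting on a reboot, and which "not found" entries were never on disk at all. The Python sketch below is an added example, not part of this thread and not OTL's own code; the message patterns are inferred from the Run Fix log posted later in this thread, and the function names are hypothetical.

```python
import re

# Lines excerpted from the Run Fix log posted in this thread (OTL 3.2.14.1).
SAMPLE_LOG = r"""
Service kseirqs stopped successfully!
Service kseirqs deleted successfully!
C:\WINDOWS\system32\drivers\kseirqs.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nonep deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A487742F-25BA-82F6-927E-227F7F33533C}\ not found.
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
C:\Documents and Settings\Shubha\Application Data\Asoro folder moved successfully.
File C:\WINDOWS\System32\drivers\kseirqs.sys not found.
Folder C:\Documents and Settings\Shubha\Application Data\Asoro\ not found.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
"""

# Assumed message shapes, most specific first. "t" captures the target.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:File|Folder|Registry key|Registry value) (?P<t>.+?) not found\.$")),
    ("removed", re.compile(r"^Service (?P<t>\S+) deleted successfully!$")),
    ("removed", re.compile(
        r"^Registry (?:value|key) (?P<t>.+) deleted successfully\.$")),
    ("removed", re.compile(
        r"^(?P<t>.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
]


def normalise(target):
    """Windows paths and registry keys are case-insensitive, and the log
    writes folders with and without a trailing backslash."""
    return target.rstrip("\\").lower()


def classify(line):
    """Return (kind, normalised target); unmatched lines come back as 'other'."""
    for kind, rx in RULES:
        m = rx.match(line)
        if m:
            return kind, normalise(m.group("t"))
    return "other", line


def triage(log_text):
    """Sort log lines into buckets a helper would review.

    A 'not found' line is benign when the same target was removed elsewhere
    in the log (the fix script listed it twice); otherwise the script named
    something that was never there. Pending-reboot targets need a re-scan
    after the reboot to confirm they are gone.
    """
    events = [classify(l.strip()) for l in log_text.splitlines() if l.strip()]
    removed = {t for k, t in events if k == "removed"}
    report = {"removed": [], "already_removed": [], "never_present": [],
              "pending_reboot": [], "other": []}
    for kind, target in events:
        if kind == "not_found":
            kind = "already_removed" if target in removed else "never_present"
        elif kind == "pending_reboot" and target in removed:
            continue  # a later line shows the move eventually succeeded
        if target not in report[kind]:
            report[kind].append(target)
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}:")
        for item in items:
            print(f"  {item}")
```
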

#7
stylequeen16

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OH GOD! That sounds really scary! :D

Well I was doing all those scans like you said, and I ran into a problem. After doing the OTL Quick Scan, my computer has completely frozen. I tried restarting it, and it'll be fine for about 20 seconds and it will completely freeze again. Therefore, I can't run the combofix? I'm thinking I should completely reinstall the operating system, like you said, as it sounds like the only thing that's gonna work. What do you think? ;)

Here are the two logs I was able to get.

1) Run Fix Log

All processes killed
========== OTL ==========
Service kseirqs stopped successfully!
Service kseirqs deleted successfully!
C:\WINDOWS\system32\drivers\kseirqs.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nonep deleted successfully.
C:\Program Files\temp\kill .exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Umayaxeqetalaj deleted successfully.
C:\WINDOWS\uqowisucejalafoq.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{A487742F-25BA-82F6-927E-227F7F33533C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A487742F-25BA-82F6-927E-227F7F33533C}\ not found.
C:\Documents and Settings\Shubha\Application Data\Loypuw\gana.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Exatoxaxedakokox deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\Shubha\LOCALS~1\Temp\uds1bya03.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\tcyz46 deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\microsoft\desktoplayer.exe deleted successfully.
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
C:\Program Files\temp folder moved successfully.
C:\Program Files\sys231 folder moved successfully.
C:\Program Files\sys21 folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Bitrix Security folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Bitrix Security folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Opogfu folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Asoro folder moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29}\chrome\content folder moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29}\chrome folder moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29} folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA folder moved successfully.
C:\WINDOWS\ExplorerSrv.exe moved successfully.
C:\WINDOWS\system32\cmdSrv.exe moved successfully.
C:\WINDOWS\Tbirah.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\doeR23dF.exe moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\o4D1E.exe moved successfully.
C:\WINDOWS\system32\o4D1E.com moved successfully.
C:\Documents and Settings\Shubha\o4D1E.com moved successfully.
C:\WINDOWS\Eqekumejabiveb.dat moved successfully.
C:\WINDOWS\system32\service.sys moved successfully.
File C:\WINDOWS\System32\drivers\kseirqs.sys not found.
C:\zrpt.xml moved successfully.
C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat moved successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL0273.tmp deleted successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL0651.tmp deleted successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL1812.tmp deleted successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL3918.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0023.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0268.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0358.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0430.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0567.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0632.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0656.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0689.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0744.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1102.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1179.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1289.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1364.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1544.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2217.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2291.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2294.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2351.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2362.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2569.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3137.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3145.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3335.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3423.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3706.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3760.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3788.tmp deleted successfully.
File C:\Documents and Settings\Shubha\o4D1E.com not found.
File C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe not found.
File C:\Documents and Settings\All Users\Application Data\o4D1E.exe not found.
File C:\WINDOWS\System32\o4D1E.com not found.
File C:\WINDOWS\System32\cmdSrv.exe not found.
File C:\Documents and Settings\All Users\Application Data\doeR23dF.exe not found.
File C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat not found.
C:\WINDOWS\Fonts\o4D1E.com moved successfully.
File C:\WINDOWS\ExplorerSrv.exe not found.
File C:\WINDOWS\System32\service.sys not found.
File C:\WINDOWS\Eqekumejabiveb.dat not found.
File C:\WINDOWS\Tbirah.bin not found.
File C:\WINDOWS\System32\drivers\kseirqs.sys not found.
File C:\zrpt.xml not found.
File C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat not found.
C:\WINDOWS\system32\comsats.sys moved successfully.
Folder C:\Documents and Settings\Shubha\Application Data\Asoro\ not found.
Folder C:\Documents and Settings\Shubha\Application Data\Bitrix Security\ not found.
Folder C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA\ not found.
C:\Documents and Settings\Shubha\Application Data\Fouhi folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Itkeg folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Leas folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Loypuw folder moved successfully.
Folder C:\Documents and Settings\Shubha\Application Data\Opogfu\ not found.
C:\Documents and Settings\Shubha\Application Data\Toan folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Ylikf folder moved successfully.
File C:\WINDOWS\Fonts\o4D1E.com not found.
C:\Program Files\Internet Explorer\complete.dat moved successfully.
C:\Program Files\Internet Explorer\dmlconf.dat moved successfully.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 59848003 bytes
->Java cache emptied: 14726 bytes
->Flash cache emptied: 3269 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 174141194 bytes
->Java cache emptied: 7241 bytes
->Flash cache emptied: 22863 bytes

User: Reha
->Temp folder emptied: 704 bytes
->Temporary Internet Files folder emptied: 35954 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6120421 bytes
->Flash cache emptied: 0 bytes

User: Richa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Shubha
->Temp folder emptied: 155060846 bytes
->Temporary Internet Files folder emptied: 10779978 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 35413303 bytes
->Flash cache emptied: 1955 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37686675 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 457.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Reha
->Flash cache emptied: 0 bytes

User: Richa
->Flash cache emptied: 0 bytes

User: Shubha
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09262010_201314

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


-----------------------------------------------------------------------------------

2) Quick Scan Log

All processes killed
========== OTL ==========
Service kseirqs stopped successfully!
Service kseirqs deleted successfully!
C:\WINDOWS\system32\drivers\kseirqs.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nonep deleted successfully.
C:\Program Files\temp\kill .exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sta deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Umayaxeqetalaj deleted successfully.
C:\WINDOWS\uqowisucejalafoq.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{A487742F-25BA-82F6-927E-227F7F33533C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A487742F-25BA-82F6-927E-227F7F33533C}\ not found.
C:\Documents and Settings\Shubha\Application Data\Loypuw\gana.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Exatoxaxedakokox deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\Shubha\LOCALS~1\Temp\uds1bya03.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\tcyz46 deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\microsoft\desktoplayer.exe deleted successfully.
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
C:\Program Files\temp folder moved successfully.
C:\Program Files\sys231 folder moved successfully.
C:\Program Files\sys21 folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Bitrix Security folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\Bitrix Security folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Opogfu folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Asoro folder moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29}\chrome\content folder moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29}\chrome folder moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\{26F676A6-E8A4-462A-A917-7B817A9D5A29} folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA folder moved successfully.
C:\WINDOWS\ExplorerSrv.exe moved successfully.
C:\WINDOWS\system32\cmdSrv.exe moved successfully.
C:\WINDOWS\Tbirah.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\doeR23dF.exe moved successfully.
C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\o4D1E.exe moved successfully.
C:\WINDOWS\system32\o4D1E.com moved successfully.
C:\Documents and Settings\Shubha\o4D1E.com moved successfully.
C:\WINDOWS\Eqekumejabiveb.dat moved successfully.
C:\WINDOWS\system32\service.sys moved successfully.
File C:\WINDOWS\System32\drivers\kseirqs.sys not found.
C:\zrpt.xml moved successfully.
C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat moved successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL0273.tmp deleted successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL0651.tmp deleted successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL1812.tmp deleted successfully.
C:\Documents and Settings\Shubha\Desktop\~WRL3918.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0023.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0268.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0358.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0430.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0567.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0632.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0656.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0689.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL0744.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1102.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1179.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1289.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1364.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL1544.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2217.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2291.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2294.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2351.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2362.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL2569.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3137.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3145.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3335.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3423.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3706.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3760.tmp deleted successfully.
C:\Documents and Settings\Shubha\My Documents\~WRL3788.tmp deleted successfully.
File C:\Documents and Settings\Shubha\o4D1E.com not found.
File C:\Documents and Settings\Shubha\Local Settings\Application Data\o4D1E.exe not found.
File C:\Documents and Settings\All Users\Application Data\o4D1E.exe not found.
File C:\WINDOWS\System32\o4D1E.com not found.
File C:\WINDOWS\System32\cmdSrv.exe not found.
File C:\Documents and Settings\All Users\Application Data\doeR23dF.exe not found.
File C:\Documents and Settings\All Users\Application Data\7lRL0ux1i.dat not found.
C:\WINDOWS\Fonts\o4D1E.com moved successfully.
File C:\WINDOWS\ExplorerSrv.exe not found.
File C:\WINDOWS\System32\service.sys not found.
File C:\WINDOWS\Eqekumejabiveb.dat not found.
File C:\WINDOWS\Tbirah.bin not found.
File C:\WINDOWS\System32\drivers\kseirqs.sys not found.
File C:\zrpt.xml not found.
File C:\Documents and Settings\Shubha\Application Data\dhxiuw.dat not found.
C:\WINDOWS\system32\comsats.sys moved successfully.
Folder C:\Documents and Settings\Shubha\Application Data\Asoro\ not found.
Folder C:\Documents and Settings\Shubha\Application Data\Bitrix Security\ not found.
Folder C:\Documents and Settings\Shubha\Application Data\D06E69CD3BC44B045885EED9E402B5CA\ not found.
C:\Documents and Settings\Shubha\Application Data\Fouhi folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Itkeg folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Leas folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Loypuw folder moved successfully.
Folder C:\Documents and Settings\Shubha\Application Data\Opogfu\ not found.
C:\Documents and Settings\Shubha\Application Data\Toan folder moved successfully.
C:\Documents and Settings\Shubha\Application Data\Ylikf folder moved successfully.
File C:\WINDOWS\Fonts\o4D1E.com not found.
C:\Program Files\Internet Explorer\complete.dat moved successfully.
C:\Program Files\Internet Explorer\dmlconf.dat moved successfully.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At166.job moved successfully.
C:\WINDOWS\tasks\At167.job moved successfully.
C:\WINDOWS\tasks\At168.job moved successfully.
C:\WINDOWS\tasks\At169.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At170.job moved successfully.
C:\WINDOWS\tasks\At171.job moved successfully.
C:\WINDOWS\tasks\At172.job moved successfully.
C:\WINDOWS\tasks\At173.job moved successfully.
C:\WINDOWS\tasks\At174.job moved successfully.
C:\WINDOWS\tasks\At175.job moved successfully.
C:\WINDOWS\tasks\At176.job moved successfully.
C:\WINDOWS\tasks\At177.job moved successfully.
C:\WINDOWS\tasks\At178.job moved successfully.
C:\WINDOWS\tasks\At179.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At180.job moved successfully.
C:\WINDOWS\tasks\At181.job moved successfully.
C:\WINDOWS\tasks\At182.job moved successfully.
C:\WINDOWS\tasks\At183.job moved successfully.
C:\WINDOWS\tasks\At184.job moved successfully.
C:\WINDOWS\tasks\At185.job moved successfully.
C:\WINDOWS\tasks\At186.job moved successfully.
C:\WINDOWS\tasks\At187.job moved successfully.
C:\WINDOWS\tasks\At188.job moved successfully.
C:\WINDOWS\tasks\At189.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At190.job moved successfully.
C:\WINDOWS\tasks\At191.job moved successfully.
C:\WINDOWS\tasks\At192.job moved successfully.
C:\WINDOWS\tasks\At193.job moved successfully.
C:\WINDOWS\tasks\At194.job moved successfully.
C:\WINDOWS\tasks\At195.job moved successfully.
C:\WINDOWS\tasks\At196.job moved successfully.
C:\WINDOWS\tasks\At197.job moved successfully.
C:\WINDOWS\tasks\At198.job moved successfully.
C:\WINDOWS\tasks\At199.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At200.job moved successfully.
C:\WINDOWS\tasks\At201.job moved successfully.
C:\WINDOWS\tasks\At202.job moved successfully.
C:\WINDOWS\tasks\At203.job moved successfully.
C:\WINDOWS\tasks\At204.job moved successfully.
C:\WINDOWS\tasks\At205.job moved successfully.
C:\WINDOWS\tasks\At206.job moved successfully.
C:\WINDOWS\tasks\At207.job moved successfully.
C:\WINDOWS\tasks\At208.job moved successfully.
C:\WINDOWS\tasks\At209.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At210.job moved successfully.
C:\WINDOWS\tasks\At211.job moved successfully.
C:\WINDOWS\tasks\At212.job moved successfully.
C:\WINDOWS\tasks\At213.job moved successfully.
C:\WINDOWS\tasks\At214.job moved successfully.
C:\WINDOWS\tasks\At215.job moved successfully.
C:\WINDOWS\tasks\At216.job moved successfully.
C:\WINDOWS\tasks\At217.job moved successfully.
C:\WINDOWS\tasks\At218.job moved successfully.
C:\WINDOWS\tasks\At219.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At220.job moved successfully.
C:\WINDOWS\tasks\At221.job moved successfully.
C:\WINDOWS\tasks\At222.job moved successfully.
C:\WINDOWS\tasks\At223.job moved successfully.
C:\WINDOWS\tasks\At224.job moved successfully.
C:\WINDOWS\tasks\At225.job moved successfully.
C:\WINDOWS\tasks\At226.job moved successfully.
C:\WINDOWS\tasks\At227.job moved successfully.
C:\WINDOWS\tasks\At228.job moved successfully.
C:\WINDOWS\tasks\At229.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At230.job moved successfully.
C:\WINDOWS\tasks\At231.job moved successfully.
C:\WINDOWS\tasks\At232.job moved successfully.
C:\WINDOWS\tasks\At233.job moved successfully.
C:\WINDOWS\tasks\At234.job moved successfully.
C:\WINDOWS\tasks\At235.job moved successfully.
C:\WINDOWS\tasks\At236.job moved successfully.
C:\WINDOWS\tasks\At237.job moved successfully.
C:\WINDOWS\tasks\At238.job moved successfully.
C:\WINDOWS\tasks\At239.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At240.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 59848003 bytes
->Java cache emptied: 14726 bytes
->Flash cache emptied: 3269 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 174141194 bytes
->Java cache emptied: 7241 bytes
->Flash cache emptied: 22863 bytes

User: Reha
->Temp folder emptied: 704 bytes
->Temporary Internet Files folder emptied: 35954 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6120421 bytes
->Flash cache emptied: 0 bytes

User: Richa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Shubha
->Temp folder emptied: 155060846 bytes
->Temporary Internet Files folder emptied: 10779978 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 35413303 bytes
->Flash cache emptied: 1955 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37686675 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 457.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Reha
->Flash cache emptied: 0 bytes

User: Richa
->Flash cache emptied: 0 bytes

User: Shubha
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09262010_201314

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Thank you for all your help so far!!!!!
  • 0
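As an added example (not part of the thread and not OTL's own code), this Python script tallies the outcome lines of a fix log like the one posted above and lists the files still waiting on a reboot, which is the part of a cleanup that is easy to miss in a long paste. The line patterns are inferred only from the lines visible in this log, and `triage`, `RULES`, `AT_JOB` and `SAMPLE_LOG` are names made up here.

```python
import re
from collections import Counter

# Constructed sample: a short subset of lines taken from the fix log above.
SAMPLE_LOG = r"""C:\Documents and Settings\Shubha\My Documents\~WRL1102.tmp deleted successfully.
File C:\WINDOWS\System32\cmdSrv.exe not found.
C:\WINDOWS\Fonts\o4D1E.com moved successfully.
Folder C:\Documents and Settings\Shubha\Application Data\Asoro\ not found.
C:\Documents and Settings\Shubha\Application Data\Fouhi folder moved successfully.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
HOSTS file reset successfully
"""

# Outcome patterns, most specific first (assumed from the lines visible in this log).
RULES = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^(?:File|Folder) (?P<path>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(r"^(?P<path>.+) deleted successfully\.$")),
]

# AtN.job is the name the legacy "at" scheduler gives its jobs in %windir%\Tasks.
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)


def triage(log_text):
    """Classify each outcome line; return counts, pending paths and At-job total."""
    counts = Counter()
    pending = {}   # lower-cased path -> first spelling seen (Windows paths ignore case)
    at_jobs = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        for outcome, rx in RULES:
            m = rx.match(line)
            if not m:
                continue
            counts[outcome] += 1
            path = m.group("path")
            if outcome == "pending_reboot":
                pending.setdefault(path.lower(), path)
            elif outcome == "moved" and AT_JOB.search(path):
                at_jobs += 1
            break   # one outcome per line; headers and other lines match nothing
    return {
        "counts": dict(counts),
        "pending_reboot": sorted(pending.values()),
        "at_jobs_moved": at_jobs,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["counts"])
    for path in report["pending_reboot"]:
        print("still present until reboot:", path)
    print("scheduled At jobs moved:", report["at_jobs_moved"])
```

Any path listed under `pending_reboot` is still on disk until the machine restarts, so a fix log is only complete once a follow-up scan confirms the file is gone.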

#8
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

Well I was doing all those scans like you said, and I ran into a problem. After doing the OTL Quick Scan, my computer has completely frozen. I tried restarting it, and it'll be fine for about 20 seconds and it will completely freeze again. Therefore, I can't run the combofix? I'm thinking I should completely reinstall the operating system, like you said, as it sounds like the only thing that's gonna work. What do you think?

You can either try to run these programs in Safe Mode (press F8 when your computer is restarting, before the loading screen - after the BIOS), or you could try to use OTH, kill all processes and then use OTL again for the quick scan. You can also use OTH to run Combofix: after killing all processes, select Start Misc Program and open Combofix on your desktop.

Are you still having so much trouble after the fix in OTL? It has already cleaned up a lot of malware.

I'm thinking I should completely reinstall the operating system, like you said, as it sounds like the only thing that's gonna work. What do you think?

We will probably get your system running fine and malware-free, but reinstalling Windows will make your system 100% malware free and then you have a fresh installation. But reinstalling Windows is something a lot of users can't or don't want to do, so it's your choice. :D
  • 0

#9
Aaron

Aaron

    Expert

  • Expert
  • 3,155 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





